VPN tunnel negotiates but only when triggered from one side and IKE/IPSec SA delete request

Hi All,

I have made some big changes to our network infrastructure today as we are due to take over another floor in our building (we've only had one so far).

The relevant changes are the introduction of a Layer 3 switch (as we need to start using VLANs) and the switch from our SonicWall TZ190 to two SonicWall NSA200 (HA solution). The Layer 2 switches were replaced as well.
The SonicWall has got a virtual sub interface set up and assigned to the LAN interface (x0) - this is solely used for wireless.

The connectivity between the floors is fine, the connectivity within the network is fine - my only issue is one VLAN tunnel which initially didn't connect.

We are connecting to a Cisco firewall in a data centre in London via a VPN tunnel from our SonicWall.
This has worked until I changed it over today - all existing rules were copied so there shouldn't be a problem with those.
I tried to connect to the remote servers but a connection couldn't be established. There was only one attempt to establish the VPN tunnel in the log files

IKE responder received main mode request (Phase 1)
IKE responder: Main mode complete (Phase 1)
Received IPSec SA delete request
Received IKE SA delete request

No further attempts anymore after this initial one.

I have then connected to a computer in a remote office which has got a VPN tunnel to the remote firewall set up successfully and from there to our remote servers.
From the remote servers I pinged our internal network (a server in the office network that doesn't connect) and this has triggered the VPN tunnel negotiation as well as a successful connection. I can now RDP to the remote servers from the computers that couldn't previously connect.

[edit] The tunnel has just dropped again after another IKE/IPSec delete request... [/edit]

[edit 2] I've just received the log file entry from our data centre hoster for the time of the disconnection. Keep alive is enabled in the VPN settings...

Aug 25 18:48:07 xxx: IP = 141.x,x,x, Keep-alives configured on but peer does not support keep-alives (type = None)

Aug 25 18:52:23 xxx: Group = 141.x.x.x, IP = 141.x.x.x, Connection terminated for peer 141.x.x.x.  Reason: IPSec SA Idle Timeout  Remote Proxy, Local Proxy

Aug 25 18:54:57 xxx: Group = 141.x.x.x, Username = 141.x.x.x, IP = 141.x.x.x, Session disconnected. Session Type: IPsec, Duration: 0h:42m:51s, Bytes xmt: 146067, Bytes rcv: 227970, Reason: Idle Timeout

Aug 25 18:54:57 xxx: Group = 141.x,x,x, IP = 141.x,x,x, Connection terminated for peer 141.x,x,x.  Reason: IPSec SA Idle Timeout  Remote Proxy, Local Proxy

There's obviously something wrong but what?

Please let me know what more info you require and I'll post it for you.

Thank you!
Minime85 (Author) commented:
Right, by the looks of it turning it off and on again has worked miracles. I'll confirm tomorrow if it's still working!

Minime85 (Author) commented:
That's still up - the reboot has fixed it
Question has a verified solution.
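
One way to triage peer-side log lines like those quoted in the question, as an added example that is not part of the original thread: it groups events per peer and flags peers where keep-alives were not negotiated and the tunnel was later torn down for idleness. The sample lines are constructed in the quoted format (host name `fw1`, documentation-range addresses, and the final "User Requested" line are assumptions), and the function names `summarize` and `idle_drop_suspects` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the data-centre log quoted in the question.
SAMPLE_LOG = """\
Aug 25 18:48:07 fw1: IP = 192.0.2.10, Keep-alives configured on but peer does not support keep-alives (type = None)
Aug 25 18:52:23 fw1: Group = 192.0.2.10, IP = 192.0.2.10, Connection terminated for peer 192.0.2.10.  Reason: IPSec SA Idle Timeout  Remote Proxy, Local Proxy
Aug 25 18:54:57 fw1: Group = 192.0.2.10, Username = 192.0.2.10, IP = 192.0.2.10, Session disconnected. Session Type: IPsec, Duration: 0h:42m:51s, Bytes xmt: 146067, Bytes rcv: 227970, Reason: Idle Timeout
Aug 25 19:10:00 fw1: Group = 198.51.100.7, IP = 198.51.100.7, Connection terminated for peer 198.51.100.7.  Reason: User Requested
"""

PEER = re.compile(r"\bIP = ([^,\s]+),")
NO_KEEPALIVE = re.compile(r"peer does not support keep-alives")
IDLE_SA = re.compile(r"Connection terminated for peer .*Reason: IPSec SA Idle Timeout")
SESSION = re.compile(r"Session disconnected\..*Duration: (\d+)h:(\d+)m:(\d+)s.*Reason: (.+)$")

def summarize(log_text):
    """Return {peer_ip: summary} with keep-alive and teardown events per peer."""
    peers = defaultdict(lambda: {"no_keepalive": False, "idle_sa_teardowns": 0, "sessions": []})
    for line in log_text.splitlines():
        m = PEER.search(line)
        if not m:
            continue  # not a per-peer line
        entry = peers[m.group(1)]
        if NO_KEEPALIVE.search(line):
            entry["no_keepalive"] = True
        if IDLE_SA.search(line):
            entry["idle_sa_teardowns"] += 1
        s = SESSION.search(line)
        if s:
            h, mi, sec, reason = s.groups()
            # Store session length in seconds together with the disconnect reason.
            entry["sessions"].append((int(h) * 3600 + int(mi) * 60 + int(sec), reason.strip()))
    return dict(peers)

def idle_drop_suspects(summary):
    """Peers without negotiated keep-alives that were also dropped for idleness."""
    return sorted(ip for ip, e in summary.items()
                  if e["no_keepalive"] and (e["idle_sa_teardowns"]
                      or any(r == "Idle Timeout" for _, r in e["sessions"])))

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in idle_drop_suspects(summary):
        print(ip, summary[ip])
```

Real exports need the peer addresses left unredacted (or redacted consistently), since the grouping key is the `IP = ...` field.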
